An administrator has two pairs of firewalls within the same subnet. Both pairs of firewalls have been configured to use High Availability mode with Active/Passive. The ARP tables for upstream routes display the same MAC address being shared for some of these firewalls.
What can be configured on one pair of firewalls to modify the MAC addresses so they are no longer in conflict?
Within a High Availability (HA) configuration, each pair of firewalls uses a Group ID to identify itself. The Group ID is included in the MAC address to avoid conflicts. If two pairs of firewalls share the same subnet and have the same Group ID, this will result in conflicting MAC addresses being present in the ARP tables. To resolve this, the Group IDs for each HA pair need to be unique. Therefore, changing the Group IDs in the High Availability settings to be different for each firewall pair on the same subnet will resolve the MAC address conflicts.
Per Evdw's link: The Group ID is part of the MAC address in a HA pair. Each pair of devices in a multi-cluster environment must have a unique Group ID in order to prevent duplicate MAC entries in upstream ARP tables. Changing the Group ID in one of these clusters should resolve the problem.
Correct answer C https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA10g000000Cm1OCAS
Correct Answer is C https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA10g000000Cm1OCAS
C Correct Answer https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA10g000000Cm1OCAS
C is correct
C is the way